Related art data security approaches include processes that are intended to prevent data loss. Such processes determine how an enterprise uses information by collecting data, typically in repositories in data center(s), monitoring outbound traffic from the data center(s), and analyzing the enterprise's data usage to determine the potential for data loss or a threat to data integrity, so that data loss can be prevented.
Related art data security approaches also include processes for determining behavioral anomalies with respect to data usage by users. Such processes include steps of determining and storing a reference or “normal” profile for a user of the data and, in some processes, forming a user profile based on the determination. The reference profile, or the user profile, may be compared with monitored data usage or day-to-day data interactions to detect behavioral anomalies. An enterprise, or an owner or custodian of the data, may be informed of, or alerted to, behavioral anomalies based on the detection.
While related art data loss protection solutions identify data interactions, the interactions are not necessarily attributable to business processes. These solutions do not expose or provide context as to why such data interactions are occurring, or whether the interactions are permitted or sanctioned by an enterprise, owner, or custodian of the data. Moreover, while behavioral anomaly detection solutions examine system activities and data usage to reveal, for example, when users perform activities outside those reflected by normal user profiles, they provide no context for the business process or entity policy driving such behavior. Thus, data security management professionals confront difficulty in managing and prioritizing data security risks for enterprises having varying and evolving sets of environmental variables.
The information security community has recently embraced the notion of capturing data within an organization to better understand where risks may lurk and where to focus data assessment efforts. In particular, the recently deployed Payment Card Industry (PCI) Data Security Standard (DSS) and recently published National Institute of Standards and Technology (NIST) Cybersecurity Framework both require documentation of sensitive data flows to fully satisfy requirements.